admin/ClaudeMarketing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: real README and update Claude auth section in CLAUDE.md

Browse Source 
- Replaces the create-next-app boilerplate README with a real one:
  what the project does, the 8-agent pipeline table, tech stack, local
  dev, configuration via the Settings UI, multi-tenant App model,
  Unraid deployment, and repo layout.
- CLAUDE.md "Claude Auth in Docker" no longer claims .env is the only
  way to set the OAuth token — describes the Settings page as primary,
  .env as bootstrap fallback, mentions the Test button, and notes that
  Anthropic exposes no UI to list/revoke setup-tokens.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Trey T
2026-05-03 21:13:45 -05:00
parent 55fb221faa
commit 8afbf68f4c
2 changed files with 171 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CLAUDE.md
+7 -4
View File
@@ -72,11 +72,14 @@ ssh unraid "cd /mnt/user/appdata/marketing && docker compose down && docker comp
```
### Claude Auth in Docker
Claude Max uses OAuth, tokens stored in macOS Keychain. For headless Docker:
Claude Max uses OAuth tokens stored in macOS Keychain locally, but the headless Docker container has no keychain, so it needs the OAuth access token explicitly. The token is rotated from the **Settings page** (`/settings` → Claude card); the DB value is injected into the spawned `claude` subprocess env at launch time and overrides `CLAUDE_CODE_OAUTH_TOKEN` from the container env. The Test button on the same card validates the token by hitting the Anthropic messages API and surfaces 401s as "Token expired or invalid".
To mint a token:
1. Run `claude setup-token` locally, open the magic link in browser
2. Extract the access token: `security find-generic-password -s "Claude Code-credentials" -a "$(whoami)" -w`
3. The JSON has `claudeAiOauth.accessToken` — use just that value
4. Set `CLAUDE_CODE_OAUTH_TOKEN=<access-token>` in the Unraid `.env`
2. Extract the access token: `security find-generic-password -s "Claude Code-credentials" -a "$(whoami)" -w | python3 -c 'import sys,json; print(json.load(sys.stdin)["claudeAiOauth"]["accessToken"])'`
3. Paste it into Settings → Claude → Save (no rebuild required)
`CLAUDE_CODE_OAUTH_TOKEN` in `.env` still works as a bootstrap fallback (used on first boot before any DB value is saved, or if the DB is wiped). There is no Anthropic UI to list or revoke `setup-token` outputs — they live ~1 year. Treat each one like a password.
### Volume Permissions
Host directories must be owned by UID 1000 (node user in container):